[Dovecot] best choice of user database file to work with postfix?

Thomas Leuxner tlx at leuxner.net
Thu Apr 22 10:33:15 EEST 2010


On Wed, Apr 21, 2010 at 04:34:30PM -0400, Phil Howard wrote:
> > userdb {
> >  args = username_format=%u /var/vmail/auth.d/%d/passwd
> >  driver = passwd-file
> > }
> What does it take to get Postfix to read this?

Basically these two parameters in 'main.cf':

[main.cf]
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth

Since this will have implications when Dovecot is not running/unavailable
as Authentication Backend, Postfix will reject legit incoming mail in
that case, it is better to put this in the master configuration actually
and have Postfix use a dedicated submission port for SASL clients:

[master.cf]
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject

> 
> $ cat passwd
> > user at domain.tld:{scheme}<password>:5000:5000::/var/vmail/domain.tld/user::userdb_quota_rule=*:storage=5G
> > userdb_acl_groups=PublicMailboxAdmins
> >
> 
> In which directory was this?

$ l /var/vmail/auth.d/domain.tld/
total 4
-r-------- 1 doveauth dovecot 1234 2010-04-10 11:38 passwd

> I suspect I will want to be mapping virtuals between different domains, so I
> might have
> 
> abuse at example.com        mailadmin at example.net
> abuse at example.net        mailadmin at example.net
> postmaster at example.com        mailadmin at example.net
> postmaster at example.net        mailadmin at example.net

No problem to do this.

> One thing I need to watch out for, and am concerned with because the last
> time I used Postfix there were a bunch of "virtual" configurations that
> really didn't work for me for a reason I cannot recall right now ... is that
> the same user name in different domains is NOT always the same user.  E.g.
> bob at example.com is NOT the same person as bob at example.net while
> bob at example.org doesn't even exist.  So there needs to be distinct entries
> for bob at example.com and bob at example.net (and not any for bob at example.org and
> have Postfix reject that during incoming SMTP sessions).

Yes, this is taken care of in the example. You can have Bob spread all
over the domains routing into different mailboxes, or point multiple
aliases to the same.

> There can also be cases where mike at example.com and mike at example.net are the
> same person, and Mike wants to have mail to these two addresses kept in
> separate mail boxes (and presumably must do separate logins, so he'd have to
> set up 2 accounts in his MUA) ... as well as steve at example.com and
> steve at example.net also being the same person, but Steve wants everything in
> one mailbox (so he'd have to pick between steve at example.com and
> steve at example.net and I'd have to set up a virtual map for the other to be
> delivered to the mailbox of his choice ... in a separate lookup table in
> Postfix).

See above, possible too.

> It might well be as long the domains are fully distinct.  I'll have to go
> read up on each of the virtual_* configuration parameters to be sure of the
> effects.  I was thinking to use:
> 
> mailbox_command = /usr/lib/dovecot/deliver
> 
> in Postfix main.cf.  Is that workable instead of "virtual_transport =
> lmtp:unix:private/dovecot-lmtp"  Or would running LMTP be a better way?

LMTP would be better long-term as it is more flexible and robust, e.g.
allowing multiple recipient deliveries in parallel and having a real
protocol handshake compared to piping into the LDA, but both are
feasible. However, LMTP is available with Dovecot 2.0 only.

Deliver flavour in pre-2.0 would look like this:

[main.cf]
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

[master.cf]
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender}
  -d ${recipient}

I will look into writing this up for the 2.0 Wiki.

Regards
Thomas
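
Added example (not part of the original message and not Dovecot code): a Python audit of one per-domain passwd file from the layout above. It checks that the file mode is owner-only, as in the listing shown, and that every entry is a user@domain address for that directory with a non-cleartext {scheme}. The function names, the sample entries and the set of flagged schemes are assumptions of this example.

```python
import os
import stat

CLEARTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}  # assumed set: the password itself is stored
SAMPLE = [  # constructed entries for an example.com passwd file
    "bob@example.com:{SSHA256}c2FtcGxl:5000:5000::/var/vmail/example.com/bob::"
    "userdb_quota_rule=*:storage=5G userdb_acl_groups=PublicMailboxAdmins",
    "mike@example.com:{PLAIN}secret:5000:5000::/var/vmail/example.com/mike::",
    "bob@example.net:{SSHA256}c2FtcGxl:5000:5000::/var/vmail/example.net/bob::",
]

def parse_entry(line):
    """Parse user:password:uid:gid:gecos:home:shell:extra; None for blank/comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # maxsplit=7: extra fields may contain ':' (userdb_quota_rule=*:storage=5G)
    parts = line.split(":", 7)
    parts += [""] * (8 - len(parts))
    user, password, uid, gid, _gecos, home, _shell, extra = parts
    scheme = None
    if password.startswith("{") and "}" in password:
        scheme = password[1:password.index("}")].upper()
    fields = dict(kv.split("=", 1) for kv in extra.split() if "=" in kv)
    return {"user": user, "scheme": scheme, "home": home, "extra": fields}

def audit_entries(lines, domain):
    """Return (user, problem) findings for the passwd file of one domain."""
    findings = []
    for entry in filter(None, map(parse_entry, lines)):
        user = entry["user"]
        # username_format=%u looks up the full address; %d selected this file
        if "@" not in user or user.rpartition("@")[2].lower() != domain.lower():
            findings.append((user, "not a user@%s address" % domain))
        if entry["scheme"] is None:
            findings.append((user, "no {scheme} prefix on password"))
        elif entry["scheme"] in CLEARTEXT_SCHEMES:
            findings.append((user, "password stored in cleartext"))
    return findings

def audit_file(path, domain):
    """Audit mode and entries of <auth.d>/<domain>/passwd."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = [(path, "mode %04o allows group/other access" % mode)] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        return findings + audit_entries(fh, domain)

if __name__ == "__main__":
    print(audit_entries(SAMPLE, "example.com"))
```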


